An incremental points-to analysis with CFL-reachability

Abstract. Developing scalable and precise points-to analyses is increasingly important for analysing and optimising object-oriented programs where pointers are used pervasively. An incremental analysis for a program updates the existing analysis information after program changes to avoid reanalysing it from scratch. This can be efficiently deployed in software development environments where code changes are often small and frequent. This paper presents an incremental approach for demand-driven context-sensitive points-to analyses based on Context-Free Language (CFL) reachability. By tracing the CFL-reachable paths traversed in computing points-to sets, we can precisely identify and recompute on demand only the points-to sets affected by the program changes made. Combined with a flexible policy for controlling the granularity of traces, our analysis achieves significant speedups with little space overhead over reanalysis from scratch when evaluated with a null dereferencing client using 14 Java benchmarks.

Program Tailoring: Slicing by Sequential Criteria

Protocol and typestate analyses often report some sequences of statements ending at a program point P that needs to be scrutinized, since P may be erroneous or imprecisely analyzed. Program slicing focuses only on the behavior at P by computing a slice of the program affecting the values at P. In this paper, we propose to restrict our attention to the subset of that behavior at P affected by one or several statement sequences, called a sequential criterion (SC). By leveraging the ordering information in a SC, e.g., the temporal order in a few valid/invalid API method invocation sequences, we introduce a new technique, program tailoring, to compute a tailored program that comprises the statements in all possible execution paths passing through at least one sequence in SC in the given order. With a prototyping implementation, Tailor, we show why tailoring is practically useful by conducting two case studies on seven large real-world Java applications. For program debugging and understanding, Tailor can complement program slicing by removing SC-irrelevant statements. For program analysis, Tailor can enable a pointer analysis, which is unscalable to a program, to perform a more focused and therefore potentially scalable analysis to its specific parts containing hard language features such as reflection

An Instantaneous Framework For Concurrency Bug Detection

Concurrency bug detection is important to guarantee the correct behavior of multithread programs. However, existing static techniques are expensive with false positives, and dynamic analyses cannot expose all potential bugs. This thesis presents an ultra-efficient concurrency analysis framework, D4, that detects concurrency bugs (e.g., data races and deadlocks) “instantly” in the programming phase. As developers add, modify, and remove statements, the changes are sent to D4 to detect concurrency bugs on-the-fly, which in turn provides immediate feedback to the developer of the new bugs. D4 includes a novel system design and two novel parallel incremental algorithms that embrace both change and parallelization for fundamental static analyses of concurrent programs. Both algorithms react to program changes by memoizing the analysis results and only recomputing the impact of a change in parallel without any redundant computation. Our evaluation on an extensive collection of large real-world applications shows that D4 efficiently pinpoints concurrency bugs within 10ms on average after a code change, several orders of magnitude faster than both the exhaustive analysis and the state-of-the-art incremental techniques

Incremental Static Analysis of Probabilistic Programs

Probabilistic models are used successfully in a wide range of fields, including machine learning, data mining, pattern recognition, and robotics. Probabilistic programming languages are designed to express probabilistic models in high-level programming languages and to conduct automatic inference to compute posterior distributions. A key obstacle to the wider adoption of probabilistic programming languages in practice is that general-purpose efficient inference is computationally difficult. This thesis aims to improve the efficiency of inference through incremental analysis, while preserving precision when a probabilistic program undergoes small changes. For small changes to probabilistic knowledge (i.e., prior probability distributions and observations), the probabilistic model represented by a probabilistic program evolves. In this thesis, we first present a new approach, Icpp, which is a data-flow-based incremental inference approach. By capturing the probabilistic dependence of each data-flow fact and updating changed probabilities sparsely, Icpp can incrementally compute new posterior distributions and thus enable previously computed results to be reused. For small changes at observed array data, upon which their probabilistic models are conditioned, the probabilistic models remain unchanged. In this thesis, we also present ISymb, which is a novel incremental symbolic inference framework. By conducting an intra-procedurally path-sensitive analysis, except for "meets-over-all-paths" analysis within an iteration of a loop (conditioned on some observed array data), ISymb captures the probability distribution for each path and only recomputes the probability distributions for the affected paths. Further, ISymb enables a precision-preserving incremental symbolic inference to run significantly faster than its non-incremental counterparts. In this thesis, we evaluate both Icpp and ISymb against the state-of-the-art data-flow-based inference and symbolic inference, respectively. The results demonstrate that both Icpp and ISymb meet their design goals. For example, Icpp succeeds in making data-flow-based incremental inference possible in probabilistic programs when some probabilistic knowledge undergoes small yet frequent changes. Additionally, ISymb enables symbolic inference to perform one or two orders of magnitude faster than non-incremental inference when some observed array dat

Forum - Ausgabe 2014

Informiert über die Forschungsaktivitäten an der Hochschule Konstanz im Jahr 2014

Fast and precise points-to analysis with incremental CFL-reachability summarisation: preliminary experience

We describe our preliminary experience in the design and implementation of a points-to analysis for Java, called EMU, that enables developers to perform pointer-related queries in programs undergoing constant changes in IDEs. EMU achieves fast response times by adopting a modular approach to incrementally updating method summaries upon small code changes: the points-to information in a method is summarised indirectly by CFL reachability rather than directly by points-to sets. Thus, the impact of a small code change made in a method is localised, requiring only its affected part to be re-summarised just to reflect the change. EMU achieves precision by being context-sensitive (for both method invocation and heap abstraction) and field-sensitive. Our evaluation shows that EMU can be promisingly deployed in IDEs where the changes are small